Maven can be set up to use a private repository, i.e. Nexus. Usually the repository runs on http and there isn’t any problem to connect to the repository, but when the repository runs on https maven isn’t able to connect to it automatically. The solution to this is to add the server’s certificate to the default Java keystore. When connecting to your https-repository fails, Maven will show you an exception like

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To resolve this, download the server’s certificate and add it to the default Java keystore. The easiest way to download the certificate is with the Java provided keytool. The following command is an example to download the certificate to a .pem file

$ keytool -J-Djava.net.useSystemProxies=true -printcert -rfc -sslserver \[hostname\]:443 > cert.pem

Of course the proxy-part is optional. Now you downloaded the certificate, you can add it to the keystore with the following command

$ keytool -importcert -file cert.pem -alias \[your\_alias\] -storepass changeit -keystore $JAVA\_HOME/jre/lib/security/cacerts

Note that $JAVA_HOME is the path to your JDK that is known by Maven. That’s it, folks!

shadow-left